Privacy Policy

ExpiryDesk is built so that the documents you track — passports, licenses, warranties, anything with an expiry date — stay on your device. We never see them. We collect the email address you sign in with, your password hash, your subscription state, and a small handful of anonymized usage events so we can keep the service running.

The longer version, in plain English, follows. If you have questions about anything below, email us at hello@expirydesk.app.

To operate ExpiryDesk we collect the smallest amount of information we can:

• Email address — used to sign you in and to send email reminders if you opt in.
• Password hash — your password is hashed by our authentication provider (Supabase) before it reaches us. We never store or see the plain-text password.
• Subscription state— whether you're on Free, Premium, or Premium Family, plus trial status. Billing details are held by Apple or Google, not by us.
• Anonymized usage events — a fixed set of five events the app sends so we can fix bugs and prioritize features:app_open, signup, first_doc_added, paywall_shown, purchase_completed. These events do not include any information about the documents you store.
• Reminder schedule IDs (email channel only) — when you opt into email reminders, we store {user_id, reminder_id, send_at, channel} so the email job knows when to send a reminder. We do not store what the reminder is about.

The following never leaves your phone, even if you opt into every feature in the app:

• Document images and photographs
• OCR text extracted from your documents
• Document titles, names, or descriptions
• Document numbers (passport numbers, license numbers, policy numbers)
• Expiry dates and renewal dates
• Document types and categories
• Family profile names
• Tags and notes you add

We don't collect this data. We can't share what we don't have.

Documents are stored in an encrypted SQLite database on the device you installed the app on. The database is encrypted at rest with a key derived from your device's secure enclave (iOS) or Android Keystore. Date detection runs on-device using Apple Vision and Google ML Kit — your photos never travel to a cloud OCR service or a generative AI model.

For clarity, here is what lives where:

• On your phone, encrypted: document photos, document numbers and dates, family profile names, tags, and notes.
• On our servers: your sign-in email address, your password hash, your subscription state, and the timestamps of email reminders you opted into.

If you opt into email reminders, the app sends a small payload to a serverless function we run on Supabase Edge Functions. The payload contains {user_id, reminder_id, send_at, channel}— a row that tells the email job “this user wants an email at this time.” It does not contain document content.

When the time arrives, the email body we send is generic: “You have a renewal coming up — open ExpiryDesk to see which one.” The actual document is only revealed inside the app, where the data lives.

Every email reminder includes an unsubscribe link. Clicking it opt-outs the user immediately and never shows them an email reminder again.

ExpiryDesk uses a small number of vendors to run. None of them receive your document content.

• Supabase — authentication, database for the small set of fields above, edge functions for email scheduling.
• Resend — the email delivery provider used to send the generic reminder emails.
• RevenueCat — keeps subscription state in sync between the App Store, Google Play, and our servers.
• Sentry — receives crash reports if the app errors. Document content is filtered out before any report leaves your device.
• PostHog — receives the five anonymized events listed above. We do not enable session recording, heatmaps, or any other capture.
• Firebase — used for push notifications. Push payloads contain a generic message only, never document specifics.

Depending on where you live, you have legal rights over the personal data we hold about you:

• EU and UK (GDPR): the right to access, correct, delete, restrict processing, or take a copy of your data, and the right to object to processing. You can exercise any of these by emailing us at hello@expirydesk.app.
• California (CCPA / CPRA): the right to know what we collect, the right to delete it, the right to correct inaccuracies, and the right to opt out of any sale or sharing of personal information. We do not sell or share your data, full stop.
• India (DPDP Act 2023): the right to access, correct, and erase the personal data we hold, and the right to nominate a representative to exercise those rights on your behalf.

You can also do most of this from inside the app — see the next section.

You control the data we hold:

• Export: the app has an Export button that produces a CSV or PDF of all your tracked documents. The export never leaves your phone unless you explicitly share it.
• Account deletion: the app has a Delete Account button that wipes your local document database AND removes your row from our Supabase database, including your email, password hash, and any reminder schedule rows. The deletion is immediate.

We retain anonymized usage events (the five-event set) in aggregate. After account deletion, those events can no longer be tied back to you.

ExpiryDesk is not directed at children under 13. We do not knowingly collect personal information from anyone under 13.

The Family profile feature is designed for adults to track documents fortheir children — for example, a parent adding a child's passport or vaccination card. Those profile names and document details stay on the parent's device, encrypted, and we never see them.

If you believe a child under 13 has created an ExpiryDesk account, contact us and we will delete the account.

For privacy questions, requests under the laws above, or anything else: hello@expirydesk.app.

ExpiryDesk is operated by Integrra Systems, a limited liability partnership registered in India.

This privacy policy is governed by the laws of India. Disputes that can't be resolved by good-faith negotiation will go to courts located in India.

We may update this policy occasionally. When we do, we will revise the effective date at the top. For changes that materially affect how we handle your data, we will email all account holders before the changes take effect.